- This only works between a HOST and a Virtual Machine; it will NOT WORK between two virtual machines.
- Very fast debugging compared to Serial Ports.
- Only works on a Windows host, so if you wish to do this on OS X or Linux this will not help you. (There might be other similar software to help you achieve this, however I am not aware of any.)

2. Serial Ports:

Even though this method is documented, I found that most of the online sources were missing steps or were covering an older version of VMware. For the following example we will use the following names:

"DEBUGEE" - Machine to be debugged.
"DEBUGGER" - Machine which runs the debugger.

Make sure you have the Windows Debugging Tools installed on the DEBUGGER; if you do not, you can download and install them from the following URL:

serial0.present = "FALSE"
serial1.present = "TRUE"
serial1.fileType = "pipe"
serial1.yieldOnMsrRead = "TRUE"
serial1.startConnected = "TRUE"
serial1.fileName = "/private/tmp/windbg"
The same thing applies here: fileName should be a valid path.
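A small checker for the VMX settings above, added here as an example and not part of the original post. It parses the key = "value" lines, verifies the serial port is a named pipe with an absolute fileName and is connected at power-on, and confirms that two VMs are wired to the same pipe. The DEBUGGER-side settings are an assumption (they are not in the surviving text), and the serial1.pipe.endPoint server/client key is a VMware setting the post does not show.

```python
import re

# Constructed sample input: the DEBUGEE side exactly as the post shows it.
DEBUGEE_VMX = '''\
serial0.present = "FALSE"
serial1.present = "TRUE"
serial1.fileType = "pipe"
serial1.yieldOnMsrRead = "TRUE"
serial1.startConnected = "TRUE"
serial1.fileName = "/private/tmp/windbg"
'''

# Assumed DEBUGGER side: same pipe, other end of the cable (pipe.endPoint is a
# VMware key that is not on the page; it is included here as an assumption).
DEBUGGER_VMX = '''\
serial1.present = "TRUE"
serial1.fileType = "pipe"
serial1.startConnected = "TRUE"
serial1.yieldOnMsrRead = "TRUE"
serial1.pipe.endPoint = "client"
serial1.fileName = "/private/tmp/windbg"
'''

# Constructed counter-example: relative pipe path, port not connected at power-on.
BAD_VMX = '''\
serial1.present = "TRUE"
serial1.fileType = "pipe"
serial1.startConnected = "FALSE"
serial1.fileName = "tmp/windbg"
'''

VMX_LINE = re.compile(r'^([A-Za-z0-9_.:-]+)\s*=\s*"(.*)"$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict; reject lines not in that shape."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = VMX_LINE.match(line)
        if not match:
            raise ValueError(f'line {lineno}: expected key = "value", got {raw!r}')
        settings[match.group(1)] = match.group(2)
    return settings


def is_absolute_pipe_path(name):
    # Unix host (Fusion, as in the post): absolute path. Windows host: a \\.\pipe\ name.
    return name.startswith("/") or name.lower().startswith("\\\\.\\pipe\\")


def serial_pipe_problems(settings, port="serial1"):
    """Return the list of problems with <port> configured as a named-pipe debug cable."""
    problems = []
    value = lambda key: settings.get(f"{port}.{key}", "")
    if value("present").upper() != "TRUE":
        problems.append(f"{port}.present must be TRUE")
    if value("fileType").lower() != "pipe":
        problems.append(f"{port}.fileType must be pipe")
    name = value("fileName")
    if not name:
        problems.append(f"{port}.fileName is missing")
    elif not is_absolute_pipe_path(name):
        problems.append(f"{port}.fileName must be an absolute path or \\\\.\\pipe\\ name, got {name!r}")
    if value("startConnected").upper() != "TRUE":
        problems.append(f"{port}.startConnected should be TRUE so the cable is attached at power-on")
    if value("yieldOnMsrRead").upper() != "TRUE":
        problems.append(f"{port}.yieldOnMsrRead should be TRUE (the post sets it)")
    return problems


def same_cable(debugee, debugger, port="serial1"):
    """Both VMs must name the same pipe; if both set pipe.endPoint, one must be
    the server and the other the client."""
    if debugee.get(f"{port}.fileName") != debugger.get(f"{port}.fileName"):
        return False
    a = debugee.get(f"{port}.pipe.endPoint")
    b = debugger.get(f"{port}.pipe.endPoint")
    if a is not None and b is not None and {a.lower(), b.lower()} != {"server", "client"}:
        return False
    return True


if __name__ == "__main__":
    debugee, debugger = parse_vmx(DEBUGEE_VMX), parse_vmx(DEBUGGER_VMX)
    print("DEBUGEE:", serial_pipe_problems(debugee) or "ok")
    print("DEBUGGER:", serial_pipe_problems(debugger) or "ok")
    print("same cable:", same_cable(debugee, debugger))
    print("BAD:", serial_pipe_problems(parse_vmx(BAD_VMX)))
```

Run it against the real .vmx files (read them with parse_vmx) before powering the VMs on; a fileName that is not absolute, or that differs between the two files, is the usual reason the debugger never sees the target.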
Now there is only one step left: edit c:\boot.ini on the DEBUGEE and add a line as follows:

Tuesday, April 12, 2011

Answer: Recently I've been receiving feedback from people who have read the papers, and amongst those _sinn3r and corelanc0d3r actually recommended I should also give examples using real vulnerable applications.

Friday, April 8, 2011

I'm not going to repeat myself from the paper, this will just be a short description of what the paper contains.

In the previous tutorials our exploits were made on Backtrack 4 R2; now we are going to make them on Debian Squeeze (latest), because Backtrack does not have DEP enabled by default (a PAE-enabled kernel on 32 bits).

In short, DEP or NX prevents some stack or heap memory regions from being executed; it also prevents executable memory from being writable. This is very effective against buffer overflows that inject and execute malicious code. (More about NX here)
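To see whether a given Linux binary actually asks for a non-executable stack, it is enough to read its PT_GNU_STACK program header: the PF_X bit there is what the kernel uses to decide whether the stack pages get the NX bit. The checker below is an added example, not code from the post, and goes beyond the text by handling both ELF32 (the 32-bit PAE case the post mentions) and ELF64 in either byte order; the sample images it parses are constructed inline and are not real programs.

```python
import struct

PT_GNU_STACK = 0x6474E551          # program header that carries the stack permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4   # p_flags bits


def parse_program_headers(data):
    """Return [(p_type, p_flags), ...] from an ELF32 or ELF64 image, either endianness."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    endian = {1: "<", 2: ">"}[ei_data]
    if ei_class == 2:                                  # ELFCLASS64
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)
        flags_offset = 4                               # p_flags directly follows p_type
    elif ei_class == 1:                                # ELFCLASS32
        (e_phoff,) = struct.unpack_from(endian + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 42)
        flags_offset = 24                              # p_flags sits after p_memsz
    else:
        raise ValueError("unknown ELF class")
    headers = []
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(endian + "I", data, base)
        (p_flags,) = struct.unpack_from(endian + "I", data, base + flags_offset)
        headers.append((p_type, p_flags))
    return headers


def stack_policy(data):
    """'non-executable' or 'executable' per PT_GNU_STACK; 'missing' when the binary
    carries no PT_GNU_STACK at all, in which case the kernel falls back to its
    architecture default (historically an executable stack on 32-bit x86), so
    report it as a finding rather than assuming NX applies."""
    for p_type, p_flags in parse_program_headers(data):
        if p_type == PT_GNU_STACK:
            return "executable" if p_flags & PF_X else "non-executable"
    return "missing"


def check_file(path):
    with open(path, "rb") as fh:
        return stack_policy(fh.read())


def build_minimal_elf(elfclass, gnu_stack_flags, endian="<"):
    """Constructed test image: a valid ELF header plus one optional PT_GNU_STACK
    program header. Enough for the parser; it is not something that would execute."""
    phnum = 0 if gnu_stack_flags is None else 1
    ident = b"\x7fELF" + bytes([elfclass, 1 if endian == "<" else 2, 1, 0]) + bytes(8)
    if elfclass == 2:
        ehsize, phentsize = 64, 56
        hdr = ident + struct.pack(endian + "HHIQQQIHHHHHH", 2, 0x3E, 1, 0,
                                  ehsize, 0, 0, ehsize, phentsize, phnum, 0, 0, 0)
        phdr = struct.pack(endian + "IIQQQQQQ", PT_GNU_STACK, gnu_stack_flags or 0,
                           0, 0, 0, 0, 0, 0x10)
    else:
        ehsize, phentsize = 52, 32
        hdr = ident + struct.pack(endian + "HHIIIIIHHHHHH", 2, 3, 1, 0,
                                  ehsize, 0, 0, ehsize, phentsize, phnum, 0, 0, 0)
        phdr = struct.pack(endian + "IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0,
                           gnu_stack_flags or 0, 0x10)
    return hdr + (phdr if phnum else b"")


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, check_file(path))
    print("constructed RW stack:", stack_policy(build_minimal_elf(2, PF_R | PF_W)))
    print("constructed RWX stack:", stack_policy(build_minimal_elf(1, PF_R | PF_W | PF_X)))
```

Running check_file over a vulnerable test program compiled with and without gcc's -z execstack shows the difference DEP makes before any exploit is attempted: the "executable" result is the one the tutorials' earlier hardcoded-ESP technique relies on, and "non-executable" is what the Debian Squeeze targets will report.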

Saturday, March 19, 2011

I've started to write a series of tutorials about exploit development on Linux. This is the first part, which contains a stack overflow with a hardcoded ESP address (I know it's unreliable, that's why it's part 1). Anyway, here is the PDF: Linux exploit development part 1 - Stack overflow